Blog

Having Office 365 mailboxes spread across multiple data centres can cause issues when accessing shared resources. The issue can manifest itself as an inability to send as a shared mailbox, or as a complete loss of access to it in Outlook or webmail.

Outlook error

The specified object was not found in the store., Can’t connect to the mailbox of user Mailbox database guid: XXXX because the ExchangePrincipal object contains outdated information. The mailbox may have been moved recently. Email could not be sent. The message has been moved to your Drafts folder.

Webmail error

Your request can’t be completed at this time

Connect to your remote PowerShell session and run the following command to view your user list and list of databases

A new type of extortion email has been sneaking into inboxes over the last year. You may be familiar with the traditional ransom email. You would receive an email from a miscreant saying that your browsing habits have been recorded, and without sending a payment this sensitive information will be revealed to the world, to your family, to your colleagues.

What makes this new email particularly frightening to the receiver is that these messages include a real password that was linked to their email address.

Quite often, these are historic passwords that might not have been used for a number of years. These passwords are most likely pulled from the big database leaks that you may have heard about in the news. Companies like Adobe, Yahoo and Tesco have had data such as usernames and passwords posted to forums where these scammers can readily access them. Details of the websites that have had breaches, and the ability to check if your data was included in one of these breaches, can be found on websites such as Have I Been Pwned.

The scammer will claim that, by using this password, they were able to access your web camera, record the sites you were visiting, and your actions while viewing these sites. They say that they installed malware on your computer or that they have accessed your contacts.

The truth is that the attackers do not have any of this information. They are finding your data from these breaches and sending it to you in the hope that you are adequately frightened and will send them the ransom money.

How can I protect myself?

IQ in IT have received a number of emails about this scam over the last month and were able to advise our clients on how to proceed. To start, IQ in IT recommend you use a webcam privacy cover, with which you can cover your monitor’s webcam when not in use. Here at IQ in IT, we provide these for free and always have them to hand when attending events.

IQ in IT are also happy to share that there is no merit in these emails and that they should be ignored. The only scary part here is that this data is being breached from trustworthy companies. Make sure that you are regularly changing your passwords and always using secure passwords. Here at IQ in IT we recommend using a password manager that can generate and store unique passwords for every website.
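One way to run the breach check mentioned above for a password rather than an email address, as an added example that is not part of the original post: Have I Been Pwned's Pwned Passwords range API receives only the first five characters of the password's SHA-1 hash, and the match is done locally, so the password never leaves your machine. The function names, the sample corpus and its counts are constructed for illustration, and `fetch_offline` stands in for the live service so the code runs without a network.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint
HEX = set("0123456789ABCDEF")


def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines from a range response.

    Malformed lines are skipped, and so are zero-count entries, which the
    service adds as padding when the Add-Padding header is sent.
    """
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        suffix = suffix.upper()
        if not sep or len(suffix) != 35 or not set(suffix) <= HEX:
            continue
        if count.isdigit() and int(count) > 0:
            found[suffix] = int(count)
    return found


def fetch_live(prefix):
    """Real lookup (needs network). Only the 5-char prefix is transmitted."""
    req = urllib.request.Request(
        API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "breach-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# --- Offline stand-in for the service (constructed data, not real counts) ---
CONSTRUCTED_CORPUS = {"password": 3, "Summer2014!": 1}
SEEN_QUERIES = []  # records what would have been sent over the wire


def fetch_offline(prefix):
    """Answer a range query from CONSTRUCTED_CORPUS, in the service's format."""
    SEEN_QUERIES.append(prefix)
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        p, s = sha1_split(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    lines.append("0" * 35 + ":0")      # padding entry, must be ignored
    lines.append("not a valid line")   # garbage, must be ignored
    return "\r\n".join(lines)


def breach_count(password, fetch=fetch_offline):
    """Number of times the password appears in the breach corpus (0 if none)."""
    prefix, suffix = sha1_split(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


def audit(passwords, fetch=fetch_offline):
    """Map each candidate password to its breach count."""
    return {pw: breach_count(pw, fetch) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample passwords; pass fetch=fetch_live to query the real API.
    results = audit(["password", "Summer2014!", "correct horse battery staple 7!"])
    for pw, n in results.items():
        verdict = f"seen {n} time(s), change it" if n else "not found"
        print(f"{pw[:2]}***: {verdict}")
```

A password quoted in one of these extortion emails will normally show a non-zero count here, which is consistent with it having come from an old breach rather than from malware on your computer.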

The Government has recently launched a new scheme across the UK to assist small to medium sized businesses in upgrading their broadband.

The Gigabit Broadband Voucher Scheme will see firms being able to claim up to £3,000 to upgrade their broadband to a gigabit capable connection. The scheme forms part of the Local Full Fibre Networks programme, backed by a £200 million investment courtesy of the Government.

The Gigabit Scheme will open the doors to cloud services such as VoIP, cloud based email, cloud desktops and other hosted solutions, meaning even the smallest business will enjoy the opportunity to compete on a global playing field thanks to time and money saving systems known to make doing business more efficient.

Eligibility criteria

There is a set of eligibility criteria for the scheme. To qualify, companies have to be based in the UK. They must employ no more than 250 staff; have a turnover of less than £50 million and / or a balance sheet total under £43 million.

You don’t have to be a registered company to qualify: sole traders can also apply providing they meet the above criteria. This means that even the smallest businesses will be able to take advantage of today’s cloud based technologies that are reliant on fast and reliable internet.

Cloud services

VoIP: Also known as a cloud phone system, ‘voice over internet protocol’ telephone services have come a long way since they first became popular at the turn of the millennium, especially when backed by super-fast internet speeds. Cloud phones bring flexibility to the working day, providing access to an office phone system regardless of where you are. Money saving, convenient and presenting a professional profile without heavy capital investment, cloud phones offer a vast range of features such as call forwarding, call queuing, call routing and music on hold to name just a few.

Cloud email: Any time, any place access to business email with the reassurance of antivirus and antispam protection is made possible by cloud email. If you use Outlook, then you’ll appreciate its features such as contact lists and shared calendars, all available on the go on any device thanks to cloud email.

Cloud desktop: Everyone will agree that there is nothing like your own personal desktop. All your own shortcuts; the taskbar just how you want it; access to all your apps right there at your fingertips. So when you can see your familiar desktop on any device, wherever you are, that has to be a major advantage. Cloud desktop services reduce hardware costs because everything is hosted on cloud servers rather than locally. Plus with data stored in the cloud, there is an automatic back-up and built-in disaster recovery.

Laying foundations for the future

Matt Hancock is Secretary of State for Digital, Culture, Media and Sport. On the subject of the Gigabit Scheme, he said: ‘Small businesses are the backbone of the British economy and now they can turbo-charge their connectivity with gigabit speeds.

‘By building a full fibre future for Britain we are laying the foundations for a digital infrastructure capable of delivering today what the next generation will need tomorrow.’

Cloud services for the aspirational business

Whether you are just starting out in business or are planning expansion, a move to cloud services is sure to deliver a major boost to your efficiency and competitive edge. The new Gigabit Broadband Voucher Scheme will enable access to a range of cloud based services, so it is well worth learning more. Visit https://gigabitvoucher.culture.gov.uk/ to discover how the scheme could benefit your business, and if you are eager to find out more about cloud services, don’t hesitate to contact the IQinIT team.

You’re working away when a window pops up on your screen letting you know that there are new updates available. But you’re busy right now, so you hit the ‘remind me later’ button. But when later comes around and you get that reminder you asked for, you’re still busy, so you dismiss it again.

The thing is that these notifications are not just created to annoy us while we’re working. They are trying to tell us something incredibly important: that our software needs a new layer of protection, or that there are improvements or bug fixes you could be benefiting from.

What are software updates?

Software updates perform a wide range of tasks. Some are for individual software programs; others are for our operating systems. There are updates that clean up and get rid of outdated features, whilst others install new and improved ones. Some updates renew drivers and others fix annoying bugs. But perhaps the most important updates are the ones that deal with security flaws.

What is a security flaw and how does a software update resolve it?

Software flaws are weaknesses or holes in the security of an operating system or software program. Hackers are a dab hand at writing code to exploit these weaknesses via malware. The code gets them into your machine when you open a certain website or email or play infected videos.

Once malware has infected your machine, it has the ability to compromise data, take control of your PC or use software differently to how it should be.

Why should I install software updates?

Once an update is released, hackers worldwide will know there is a security flaw ready for the taking. As fast as software developers are coming up with ways to halt security attacks, so hackers are finding new ways in. The game just goes around and around.

You should be aware that your data and files are at risk unless you have installed the latest updates. Everything you store digitally: photos, videos, files, databases; it’s all potentially exposed to hackers. Certain strains of malware have the ability to completely wipe documents from a hard drive or copy them to a remote server. No one will forget the effects of the WannaCry epidemic that swept the nation and further afield in 2017 leading to personal data and company documents being held hostage until payment was made to release them. In a lot of cases, the systems that were compromised were not up to date.

Ensuring you update operating systems and keep software updated as and when it prompts you is vital if you want to avoid these types of threats.

What about legacy systems?

A large number of organisations are still using legacy infrastructure, mainly because it delivers continuity, but also because there is a belief that the cost and upheaval of migrating to new technology would be damaging both financially and in terms of productivity.

In actual fact what some organisations may not realise is that the cost of maintaining legacy systems could actually be higher than the long term gains made by updating.

Aside from hindering innovation, there are some extremely serious risks associated with sticking with a legacy system, malware being one of them. Windows XP for example is, according to Microsoft, six times more likely to be infected with malware than more recent versions of Windows.

Some legacy systems simply cannot be security patched, or there are no patches available at all.

With such high risks offering up the potential for reputation damage, reduced profitability and loss of competitive edge, and the fact that legacy systems are subject to expensive maintenance costs, it is clear to see that the most astute option would actually be to update to a system powered by today’s technologies and protected by modern security measures.

In Summary

Even though software updates may seem like an inconvenience, and the prospect of system upgrades may be a real worry, the fact is, both could actually save you from a host of serious issues.

So, the next time you see an updates notification, be sure to action it. And if you are ready for a system upgrade to move your legacy infrastructure into the 21st century, how about talking to IQ in IT? We offer a hands-on service whereby we’ll get to the bottom of your individual needs and then build a system around them so that you have the infrastructure you need to grow, and that does the best job possible in keeping your organisation safe and secure.

Living in a smart-enabled home? It certainly has its benefits. Ordering household supplies at the touch of a button on the cupboard or washing machine; turning the heating up via your phone before you even arrive home; issuing smart keys to tradespeople to access your property whilst you’re at work. We can switch the lights or TV on remotely to make it look like we’re home after dark, and we can even see what’s going on in the house when we’re out using cloud cams.

Our lives certainly seem to be getting so much easier and, you would think, more safeguarded thanks to smart technology. But have you stopped to consider how secure all these WiFi connected devices actually are?

Even children’s toys are connected to the internet these days. But worryingly these, and household devices that are remotely controlled over the web, are actually laying homeowners wide open to serious risks including break-ins and spying.

Lack of smart device security can lead to shocking consequences

Devices that are not adequately secured can open a home up to extremely shocking consequences. Often set with no password or a default, smart devices can provide a far too simple way for cyber criminals to obtain personal details from any web pages or apps that are not using secure encryption.

Kaspersky Lab’s Denis Makrushin has said, “Cyber-attacks conducted by seemingly harmless connected devices are no longer just the stuff of movies, or even of the future. They are a very real and current threat.

“As more devices have connectivity built-in, users urgently need to realise they must employ the same level of security for mobile phones and computers.”

The Mirror newspaper uncovered the calculating methods used by cyber criminals to acquire personal details. It also reported that whistleblowing website WikiLeaks has published documents which it claims revealed the range of hacking tools used by the CIA. These include techniques developed to transform everyday household gadgets such as smart TVs into spying devices.

The newspaper challenged First Base Technologies, the online security company used by financial institutions, supermarkets and the government to uncover holes in their online security systems. The response revealed major cause for concern.

Smart home devices spark major cause for concern

On attempting to access a British Gas Hive Active Heating system controlled by a mobile app, the company’s (legal) hacker, Rob Shapland, was able to access the device with ease. Worryingly, he managed to obtain the owner’s home address and holiday dates.

Hackers start their in-road with a name. They then search for social media accounts. Then, through the ‘forgot my password’ link and internet searches, they can work out an email address. All they then need is a password, which hackers can find easily by searching databases of previous data hacks. These are logs of illegally harvested data shared by hackers in secret parts of the web. Because most people use the same passwords for all their accounts, this method is usually effective in revealing login information.

Mr Shapland’s key message was that passwords should ALWAYS be varied across different accounts and devices, even for devices that do not store financial information. Just bear in mind how dangerous it would prove to reveal your holiday dates: it’s almost as risky as leaving your front door unlocked.

Is your security camera protecting you, or spying on you?

Rob Shapland demonstrated how hackers could well be spying on you without you knowing. According to the Mirror newspaper, 100,000 British devices are believed to be at risk in this way. Even security cameras, designed to safeguard your home, could be putting you in a perilous position.

Some smart cameras are designed to be accessed using an app. Hackers access them using the default password. And how do they know when a camera only has the default password set? By using a piece of software intended for security analysts, hackers can see which webcams in any local areas are using the default setting of no password.

The advice here from Mr Shapland: “If you need to be able to access your webcam while you’re not at home, make sure it asks you for a password. Don’t use anything that doesn’t allow you to set a password.”

It is reckoned that by 2020, there will be 212 billion connected Internet of Things devices.

Already a widespread problem

Cyber-crime is estimated to net £34 billion per year, with six million people having become victims in just the past year alone. 1.4 million have reported computer virus attacks, and 650,000 email accounts and social media profiles have been compromised.

Hugh Simpson, security expert at Zyxel, says: “The more devices that integrate into the wireless network, the more risk and indeed the more that people know about you. So a balance between convenience and security is key.

“There are some basic practices that should be followed by everyone, from individual home users to the largest global enterprises. These include using strong different passwords, regularly checking for and installing software updates and implementing appropriate security software.”

According to various media reports, a director of the National Cyber Security Centre (NCSC) says that a ‘category one’ cyber-attack will happen “sometime in the next few years”.

– Major cyber-attack on its way
– Businesses need to change the way they think about cyber security
– A switch to risk management and understanding the impact of data loss is vital
– Investing in digital security products should be secondary to a tailored strategy

The NCSC reports to Government Communications Headquarters (GCHQ) and holds responsibility for safeguarding the information security of the UK. It was founded in 2016 to provide advice and support for the public and private sectors in how to avoid digital security threats.

Since its launch, NCSC has dealt with 500 incidents, incorporating 470 category three and 30 category two, including the WannaCry ransomware attack that crippled the NHS and other organisations in 2017. A category one incident – the most serious and the only one that would require a government response – is yet to occur, but is said to be on its way in the next few years.

Time for change: a new approach to cyber security is needed

Dr Ian Levy is technical director of the NCSC. He believes that businesses, and governments, need to change the way they approach cyber security. Dr Levy says that rather than obsessing about buying the right security products, organisations should instead focus on managing risk; understanding the data they hold, the value it has and how much damage could result should it be lost.

Dr Levy’s advice was issued in the wake of a major cyber breach at US data broker Equifax which resulted in the loss of more than 130 million personal records of American citizens. The data stolen included names, addresses, dates of birth and social security numbers; basically everything required to steal a person’s identity. The attack also saw 400,000 British residents affected and, whilst the information stolen was less personal (names, dates of birth, email addresses and telephone numbers), it still represented a very serious breach.

The words of Dr Levy cast a very worrying cloud over the state of the nation’s security infrastructure, particularly as he has stated that it will take a category one incident in order for changes to be adopted, because only an attack of that seriousness would call for a government inquiry or independent investigation.

“Then what will really come out is that it was entirely preventable… It will turn out that the organisation that has been breached didn’t really understand what data they had, what value it had or the impact it could have outside that organisation,” said Dr Levy.

Dr Levy recommends that organisations looking to avoid being affected by a major security breach should turn their attention to looking at what could actually happen.

So, instead of purchasing off-the-shelf remedies that have been designed not for the very people who work at the core of the business and handle sensitive data on a daily basis, but rather for the technical personnel that control the IT, companies should look towards their workforce when planning their cyber security solutions.

Understanding what could potentially happen should the particular data held get into the wrong hands is the place to start. Following this, an assessment must be made of the impact the loss of such data would have across the organisation and of course, those whose data had been stolen. Lastly, an education programme for every member of the organisation who is likely to come into contact with the data is essential.

If organisations – and this means their entire workforces – do not understand the value of the data they hold and the potential damage that could result from a breach, there is no point investing in protective software or technical solutions. In any case, a security solution must ALWAYS be fully tailored on an individual basis, which is why these assessments and education programmes are vital.

Your cyber protection strategy

Your company’s cyber protection strategy should begin with a bespoke cyber security review. Why not request yours from the dedicated team at IQ in IT today?

Christmas is coming and many of us will no doubt be looking forward with excitement to the array of new tech that our stockings are set to be filled with. Smart speakers are reckoned to be the hottest Christmas gift of 2017 according to numerous media reports. The likes of Amazon Echo and Google Home, and the forthcoming Apple HomePod, certainly seem to be the next must-have device.

Working via a simple voice command and springing to life on hearing their personal ‘wake word’, they can do everything from shuffling a music playlist and providing the latest weather forecast through to ordering pretty much all you could wish for and keeping you on track with updates from your personal calendar. Synced with other devices, they will also control your home heating and security and switch your lights on and off.

All good. However, if you’ve got one of these voice assistants on your Christmas wish list, or indeed already have one, then there’s something you need to know.

Voice Assistant Design Flaws Spark Hacking Concerns

A report in the Independent has revealed that popular voice assistants including Alexa and Siri are easy to hack due to huge design flaws.

The report reveals that researchers were able to take over seven different voice recognition systems on various gadgets including iPhones, Samsung Galaxy handsets and Windows 10 computers. The research also revealed that voice assistants can be triggered by voice commands that are inaudible to humans.

A total of 16 different devices were found to be vulnerable; however, the researchers have stated that their list was “by far not comprehensive”.

It was discovered that these assistants can be triggered by voice commands that are actually inaudible to humans. Whilst an attacker would need to be close to the target device, it has been proven that it is possible to take over a voice assistant without touching it.

An ultrasonic transducer (a device that sends and receives ultrasonic sound over the airwaves) together with an amplifier was used to convert regular voice commands into ultrasounds: something that cannot be audibly detected by humans. In doing so, not only were the researchers able to activate the voice assistants, they were also able to give them commands.

“By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile,” the researchers said.

Smart Home In-Roads for Attackers?

The seriousness of these findings cannot be over-emphasised. Access of this nature could allow an attacker to open a malicious website; launch a phone or video call for spying purposes; create and spread spam emails, social posts, events and text messages and disconnect wireless communications.

Furthermore, with devices like the Amazon Echo, which can be connected into a smart home set-up, there is even the risk that attackers could open a victim’s door to let intruders inside. This is not completely straightforward, however, as such actions require a PIN and the command must come from someone who is no more than 165cm from the device.

How to Protect Yourself from a Voice Assistant Hack?

There are ways to protect yourself from voice assistant security risks. If you are using Siri or the Google Assistant, all you need to do is switch off the always-on setting. For the Amazon Echo, just hit the mute button. However, you will of course find that waking your voice assistant is no longer just a case of using its wake word.

It is advisable to switch voice assistant microphones off at least when you are not at home and most definitely when you are away for extended periods. In fact better still, unplug the device and secure it in a safe or locked cabinet when you are leaving your home unoccupied for longer than your working day.

Concerned About the Security of Your Smart Home?

If you are in any way concerned about the security of your modern home technology and smart devices, talk to the experts at IQ in IT. We provide specialist assistance to businesses and individuals seeking to protect their data and safeguard what matters to them.

Cyber-crime is very much a huge focus for the media and it is no wonder, seeing as it is the second most reported economic crime affecting 32 per cent of organisations according to the PwC Global Economic Crime Survey 2016.

We see regular reports on almost a daily basis of cyber-breaches and attacks on large organisations. However, the issue is certainly not just a problem for multi-national organisations. In fact, it’s not just a business related issue at all.

Anyone can be at risk of a cyber-breach including on a personal level, in particular those who hold senior executive positions or are known to be of high net worth. High profile figures, from sports people and TV personalities to politicians, are prime targets. No one will forget the reports of ex-England footballer David Beckham’s emails having been breached, and the 2014 mass-attack of a number of celebrity iCloud accounts still gives cause for concern, as does the accessing of President Obama’s personal emails in the same year.

Of course you don’t have to be in the spotlight to become a victim of cyber criminals or hackers: executives are also attractive targets and there have even been reports of attackers trawling through the websites of wealth managers in order to target the super-rich.

Double Risks for Executives

For the executive, there is a double risk: aside from the potential to become a third-party in-road for cyber criminals into the organisations they head-up (the PwC survey confirmed that the human factor is by far the weakest link in terms of corporate cyber-crime), there is also a major risk to personal assets.

A study carried out last year, the Barclays Digital Development Index, showed the UK in ninth place out of a survey of ten countries due to a lack of digital skills. Barclays said only 13 per cent of British workers surveyed used password-generating software, in comparison to 32 per cent in China and India. It also came to light that the majority stored payment information on frequently used websites, suggesting that convenience is dangerously prioritised over security.

Phishing attacks are also on the rise. Telecoms company Verizon analysed 10,000 incidents in its 2016 Data Breach Investigations Report. It found as many as 1,000 had led to a data breach and that nearly one in three phishing emails is opened, with 12 per cent clicking on links. Apparently, those in high-pressure jobs, for example PR executives, journalists and lawyers, who regularly receive urgent emails, sit amongst the most regular victims.

Individuals Should Place as Much Emphasis on Cyber Security as they do Physical Security

Digital crime now poses one of the most significant threats to particularly wealthy people, which is why it is crucial for high net worth and high profile individuals to place as much emphasis on protecting themselves in the cyber realm as they do via bodyguards and security measures in the physical world.

The methods cyber criminals are using to compromise their targets are becoming increasingly sophisticated. Attackers will monitor online activity in order to siphon off money; they’ll use threats of extortion from data extracted during a breach; they’ll blackmail their victims through digital means, sometimes manipulating social media interactions to do so. Devices may even be stolen in order to gain access to platforms and accounts, and criminals are not just going directly to the target: they are also finding avenues in through their domestic staff such as cleaners and nannies as well as drivers and PAs.

For the high net worth individual, reputation is at risk as well as monetary loss.

The importance of arranging for a robust, fully tailored cyber security programme to be put in place cannot be over-emphasised. This programme must include dedicated monitoring and ongoing advice and attention so that it never becomes outdated. Cyber-crime is evolving at an exceptionally rapid pace, which for the wealthy and influential means the risk will continue to grow.

The key message is, do not leave yourself open to attacks. Cyber-security is not just for companies: there is a very real and exceptionally vital need to protect yourself as an individual.

At IQ in IT, cyber security is our key priority. We work with both businesses and individuals to protect data, assets and reputation. To request your cyber security review, please contact us.

You know the vital importance of adopting cyber security measures. You’re fully aware of how crucial it is to protect your business and that includes its reputation and its sensitive data.

You’ve quite rightly, and shrewdly, taken steps to install systems and processes to reduce the risk of technology failures that could open the floodgates for an attack. You’ve put in place a comprehensive educational programme for staff so that the human risk element is covered. You’ve even secured everything physically as well as digitally.

But are you missing anything? No? Are you absolutely certain?

Many business owners take fundamental steps towards cyber security so that everything inside the business is protected as best it can be. But what about OUTSIDE the business?

A lot of businesses these days outsource to third parties. Freelancers; contractors; agents: it’s a common way to deliver products and services, particularly when you’re in an industry that experiences peaks and troughs.

The thing is, any business that shares access to its sensitive data with third parties faces significant risk. If your business deals with freelancers, contractors or any other third parties then you will need to consider the importance of casting your cyber security net wider so that you can be sure you are not missing any potential weak spots outside of the walls of your business.

Be Sure to Set Policies for Third Party Suppliers

When you engage the services of a freelancer or contractor, do you request to see their own data security policies? Do you ask them to sign an agreement that protects you in the event of a data leak or other type of security breach emanating from an error or negligence on their part?

Your terms and conditions for third party suppliers must incorporate clauses that cover the steps you expect them to take to safeguard your data.

Any third party that is privy to your clients’ or employees’ data should be expected to take reasonable steps to protect that data. These steps could include ensuring all devices used to process data are password protected and armed with up to date virus protection and firewalls; that security updates are installed in a timely fashion, and that devices and any portable storage are physically secured when not in use.

The agreement should also state that any compromise of your company data should be immediately reported to you, for example loss, theft or unauthorised use of a device.

Be Prepared with an Action Plan

Following on from these policies and agreements, your organisation needs to have processes in place to deal with any breach. So for example you’re going to need to be ready with an action plan to handle situations where a freelancer’s laptop is left on a train, and that laptop contains details of your customers; or where a contractor’s iPad used to access your systems has been infected with malware. If you’re not prepared for such occurrences then you need to make arrangements with your IT providers without delay. It always pays to plan ahead rather than firefight once an incident has already occurred.

You’ll need to be particularly careful where third parties are provided with access to your systems via their own devices. It’s best to introduce an arrangement that is similar to a BYOD (bring your own device) policy. The Information Commissioner’s Office (ICO) has some useful guidance on this subject.

The guidance highlights the seventh principle of the Data Protection Act which says, “Appropriate technical and organisational measures shall be taken against accidental loss or destruction of, or damage to, personal data.” This basically means that sufficient security should be in place to protect personal data from being accidentally or deliberately compromised. It says this applies if personal data is being processed on devices which you may not have direct control over.

Remember that in the event of a breach, the ICO is going to be looking for evidence that you took all practicable steps to protect your data.

Time for a Cyber Security Review?

At IQ in IT, cyber security is our core priority. We work closely with businesses to make sure ALL their in-roads are secured so as to provide the best, most sophisticated levels of protection possible. To request your cyber security review, please get in touch.

In just over eight months, one of the most far-reaching and comprehensive pieces of European regulation will change the face of how data is stored, handled and protected. The EU General Data Protection Regulation (GDPR) represents one of the most notable changes in worldwide privacy law in two decades and will call for businesses of all sizes to reinforce the processes and safeguards they have in place to protect sensitive data. Fail to do so, and substantial financial penalties will result.

May 25th is the key date for the business diary. This is when GDPR becomes law, and there is plenty to do in order to be ready for the new regime. Eight months really isn’t very long considering the potential enormity of the task that lies ahead.

GDPR – That’s not for me, is it?

GDPR applies to every business across the globe that provides goods and services to, or tracks or creates profiles of, EU citizens, regardless of whether or not that business is EU-based. Basically, if you do business with any EU-based audience, you will need to comply with GDPR.

Whilst this is an EU regulation which will automatically fall away once the UK leaves the European Union, it is likely, according to UK government announcements, that the UK will adopt domestic legislation to retain it in whole or in part. So there is no Brexit-related get-out clause.

The Regulation will increase expectations and rights concerning data privacy, and will push organisations to follow strict cyber security practices.

Non-compliance will result in hefty fines. Poor data security leading, for example, to public exposure of sensitive data (in other words, a ‘serious violation’) could land a business with a fine of at least €20 million, or 4 per cent of global turnover, whichever is greater. Even less serious incidents would result in a fine of either €10 million or 2 per cent of global turnover.

Could your business survive a fine representing 2 per cent of turnover?

These new fines are considerably heftier than what the Information Commissioner’s Office is currently able to levy. If you take a look at some recent fines that hit the headlines, and calculate what they’d be under GDPR, it really does bring home the scale of the changes.

TalkTalk for example was fined £400,000 for security failings in 2016 after it allowed customer data to be accessed by hackers. If that fine were to be levied under GDPR, it would escalate to £59 million.

As a business, you have to consider how a fine representing 4 or even 2 per cent of your annual turnover would affect you. In many cases, the business would, quite simply, not survive.

How to prepare for GDPR?

So what should businesses be doing to prepare for GDPR? How to go about organising, managing and protecting data to ensure compliance and to be able to prove that valid efforts have been and are being made to fall in line with GDPR requirements?

A key place to start is with gaining an understanding of what GDPR is, and how it will affect your business. The Information Commissioner’s Office (ICO) has published a helpful, easy-to-follow 12-step guide to help you prepare.

The key takeaways from this guide are:

1. Ensure key personnel and decision makers are aware that GDPR will in many respects supersede the Data Protection Act. Make them aware that GDPR matters, and that it will have a direct impact upon the sales, marketing and operational elements of the business.
2. Start to document the personal data held by your business. Record where it came from, and who it is shared with. An information audit is a good idea; whilst it will take time to facilitate, it will be a worthwhile process.
3. Take a look at your existing privacy notices and be aware of whether they fall in line with GDPR requirements. Plan and introduce any necessary changes well ahead of 25th May 2018.
4. Check procedures to make sure they cover all individuals’ rights. Include how personal data would be deleted or electronically transferred.
5. Ensure you have adequate procedures in place to detect, report and investigate a personal data breach.
6. Assign someone the role of managing data protection compliance and consider whether you must formally designate a Data Protection Officer.

The guide provides much more in-depth information and we would urge you to study it if you are starting out on your GDPR journey.

Your Cyber Security review

Something else you really are going to have to do ahead of GDPR is review your cyber security measures. Protection of sensitive personal data is crucial: it’s at the heart of the new Regulation.

Be sure to cover all potential cyber risk in-roads, and educate staff and everyone else with access to your network as to your official processes. Remember that in the event of a data leak situation, the Information Commissioner will be looking for evidence that you have taken practicable steps to comply with your obligations and protect sensitive data. Demonstrating your efforts in this area will help to mitigate the severity of the penalty.

At IQ in IT, cyber security is our core priority. With GDPR on the horizon, we’re making a point of ensuring our clients are ready in all respects to protect against data breaches, ransomware and virus attacks. To request your cyber security review, all you need to do is get in touch: we’re here to help protect your business.